Asymmetric ping mystery, using GreenBow/Linksys VPN

Network schematic:

Client PC with GreenBow VPN --- Linksys BEFSX41 VPN router --- Server PC

The IPSec VPN tunnel opens as expected between the client PC and the Linksys router, both set according to GreenBow's instructions.

By the way, kudos to GreenBow for creating a useful product and relatively simple documentation, compared to the intractably complex documentation for client PCs offered by Linksys.

The problem is that, with the VPN tunnel open, the client PC cannot ping the server PC. However, it can access data on the server using Windows file sharing, and it can ping other nodes (not PCs) on the home LAN. It just can't ping the server.

And it gets stranger. With the VPN tunnel still open, I tried pinging the client from the server (reversed direction). That ping went through normally. Then I went back and tried pinging the server from the client (forward direction again). Now that ping goes through normally! Once the server pings that client, it can respond to client pings, but not before. (Perhaps it believes clients should speak only when spoken to? :-)

I have checked the server for firewalls, and all that I can see are disabled.

I used Wireshark (formerly Ethereal) on the server to observe what packets it sees. Sure enough, the trace (below) shows incoming pings from the client arriving but not getting a response. Then it shows outgoing pings to the client getting a response. Then it shows the second series of incoming pings from the client getting a response.

Can anybody offer an explanation and fix for this strange behavior?

Some particulars:

Both PCs running up-to-date Windows XP

GreenBow VPN client version 4.00.006

Linksys BEFSX41 firmware Version: 1.52.10

Home LAN using private IP subnet 192.168.15.X

Wireshark trace (captured at server):

[Client pings server, which fails to reply.]

No.  Time       Source         Destination    Protocol  Info
1    0.000000   70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
2    5.386446   70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
3    10.905974  70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
4    16.399834  70.7.23.12     192.168.15.99  ICMP      Echo (ping) request

[Server pings client, and receives replies.]

No.  Time       Source         Destination    Protocol  Info
5    43.297308  192.168.15.99  70.7.23.12     ICMP      Echo (ping) request
6    43.600466  70.7.23.12     192.168.15.99  ICMP      Echo (ping) reply
7    44.297382  192.168.15.99  70.7.23.12     ICMP      Echo (ping) request
8    44.452911  70.7.23.12     192.168.15.99  ICMP      Echo (ping) reply
9    45.298523  192.168.15.99  70.7.23.12     ICMP      Echo (ping) request
10   45.465780  70.7.23.12     192.168.15.99  ICMP      Echo (ping) reply
11   46.299288  192.168.15.99  70.7.23.12     ICMP      Echo (ping) request
12   46.479116  70.7.23.12     192.168.15.99  ICMP      Echo (ping) reply

[Client pings server, which now replies.]

No.  Time       Source         Destination    Protocol  Info
13   52.265711  70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
14   52.265796  192.168.15.99  70.7.23.12     ICMP      Echo (ping) reply
15   53.279077  70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
16   53.279159  192.168.15.99  70.7.23.12     ICMP      Echo (ping) reply
17   54.265521  70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
18   54.265606  192.168.15.99  70.7.23.12     ICMP      Echo (ping) reply
19   55.278624  70.7.23.12     192.168.15.99  ICMP      Echo (ping) request
20   55.278706  192.168.15.99  70.7.23.12     ICMP      Echo (ping) reply

Larry
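Added example, not part of the original post: a short Python script that pairs the echo requests and replies in the trace above and splits the client's requests into those that arrived before and after the server first transmitted to the client. The function names and the 2-second pairing window are assumptions; Wireshark summary lines carry no ICMP id/seq, so pairing is by direction and timing only.

```python
import re
SERVER = "192.168.15.99"  # capturing host; the rows below are copied from the post's trace
TRACE = """1 0.000000 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
2 5.386446 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
3 10.905974 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
4 16.399834 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
5 43.297308 192.168.15.99 70.7.23.12 ICMP Echo (ping) request
6 43.600466 70.7.23.12 192.168.15.99 ICMP Echo (ping) reply
7 44.297382 192.168.15.99 70.7.23.12 ICMP Echo (ping) request
8 44.452911 70.7.23.12 192.168.15.99 ICMP Echo (ping) reply
9 45.298523 192.168.15.99 70.7.23.12 ICMP Echo (ping) request
10 45.465780 70.7.23.12 192.168.15.99 ICMP Echo (ping) reply
11 46.299288 192.168.15.99 70.7.23.12 ICMP Echo (ping) request
12 46.479116 70.7.23.12 192.168.15.99 ICMP Echo (ping) reply
13 52.265711 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
14 52.265796 192.168.15.99 70.7.23.12 ICMP Echo (ping) reply
15 53.279077 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
16 53.279159 192.168.15.99 70.7.23.12 ICMP Echo (ping) reply
17 54.265521 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
18 54.265606 192.168.15.99 70.7.23.12 ICMP Echo (ping) reply
19 55.278624 70.7.23.12 192.168.15.99 ICMP Echo (ping) request
20 55.278706 192.168.15.99 70.7.23.12 ICMP Echo (ping) reply"""
ROW = re.compile(r"(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+ICMP\s+Echo \(ping\) (request|reply)")

def parse(text):
    """Return (no, time, src, dst, kind) for every ICMP echo summary line."""
    return [(int(n), float(t), s, d, k) for n, t, s, d, k in ROW.findall(text)]

def pair(packets, timeout=2.0):
    """Pair each request with the next unused reverse-direction reply (timing heuristic)."""
    used, out = set(), []
    for no, t, src, dst, kind in packets:
        if kind == "request":
            hit = next((rn for rn, rt, rs, rd, rk in packets if rk == "reply" and rn not in used
                        and (rs, rd) == (dst, src) and 0 <= rt - t <= timeout), None)
            used.add(hit)  # adding None for an unanswered request is harmless
            out.append((no, t, src, hit))
    return out

def report(text):
    """Inbound requests as (no, reply_no) before and after the server first transmits."""
    pk = parse(text)
    t0 = next(t for _, t, src, _, _ in pk if src == SERVER)
    inbound = [(no, t, hit) for no, t, src, hit in pair(pk) if src != SERVER]
    before = [(n, h) for n, t, h in inbound if t < t0]
    after = [(n, h) for n, t, h in inbound if t > t0]
    return t0, before, after

print(report(TRACE))
```

Because the pattern is not anchored to line starts, the same parser also accepts a capture exported with the column header repeated before every packet.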

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.